General
- Target: a5347604c9f60d7262bc349a7dd63dcfd11e2a1e78be1691fc88c72fbddb6f02
- Size: 270KB
- Sample: 220122-z6549sdbg2
- MD5: 6d15c23512d891fa5b68a2f5162c5c38
- SHA1: cd29e71e1bcafc8a02bc20bd98d092761fc2dc65
- SHA256: a5347604c9f60d7262bc349a7dd63dcfd11e2a1e78be1691fc88c72fbddb6f02
- SHA512: 9b48df476469ecad0210e5f7707ae417b43b6cc2c895f4f5702ffa17a4d48de63fec764de2c9c1df419ff711eeb0f8a6c71fc91a383ea05cd1783cab1e842fd5

Static task: static1

Malware Config
- Extracted: arkei
- Default: http://homesteadr.link/ggate.php
Targets
- Target: a5347604c9f60d7262bc349a7dd63dcfd11e2a1e78be1691fc88c72fbddb6f02
  - Size: 270KB
  - MD5: 6d15c23512d891fa5b68a2f5162c5c38
  - SHA1: cd29e71e1bcafc8a02bc20bd98d092761fc2dc65
  - SHA256: a5347604c9f60d7262bc349a7dd63dcfd11e2a1e78be1691fc88c72fbddb6f02
  - SHA512: 9b48df476469ecad0210e5f7707ae417b43b6cc2c895f4f5702ffa17a4d48de63fec764de2c9c1df419ff711eeb0f8a6c71fc91a383ea05cd1783cab1e842fd5
  - Suspicious use of NtCreateProcessExOtherParentProcess
  - Arkei Stealer Payload
  - Downloads MZ/PE file
  - Sets service image path in registry
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Loads dropped DLL
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.